We were given a blank page.

But if we look at the HTTP headers, we can see that they contain a masked flag.

All we need to do is find the masked characters of the flag.

I noticed that the source of every page in this CTF includes JavaScript that calculates sha256(sha256(flag)) and, if it matches, sends the flag to the server.
So we can brute-force our flag more quickly.
Here is the corresponding snippet:

    // Double SHA-256 of the submitted flag, hex-encoded at each step
    var shaObj = new jsSHA(document.forms["flag_submission"]["id_flag"].value, "TEXT");
    var hash = shaObj.getHash("SHA-256", "HEX");
    var shaObj2 = new jsSHA(hash, "TEXT");
    var hash2 = shaObj2.getHash("SHA-256", "HEX");
    if (document.forms["flag_submission"]["check"].value !== hash2) {
        // mismatch branch; its body is not shown in this excerpt
    }

Here is the script that does the job.

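    #!/usr/bin/env python3
    import hashlib

    # sha256(sha256(flag)) value that the page's JavaScript compares against
    TARGET = "2b127c77074e44b6e74074b1eb8d32dfe27fe78e6a05e302baed68e2cc643ca1"
    ALPHA = "0123456789abcdef"

    def run(src):
        pos = src.find('?')
        if pos == -1:
            # No masked characters left: hash the hex digest of the first hash
            inner = hashlib.sha256(src.encode()).hexdigest()
            if hashlib.sha256(inner.encode()).hexdigest() == TARGET:
                print("Flag: %s" % src)
            return
        # Try every hex digit in the first masked position, then recurse
        for c in ALPHA:
            run(src[:pos] + c + src[pos + 1:])

    # Masked flag taken from the HTTP headers
    src = "ASIS_b6b?244608c2?c2e869cb56?67b64?b1"
    run(src)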